package com.shiro.demo.contorller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class UserController {

    @GetMapping("/login")
    public String login(@RequestParam(value = "name",required = false) String username) {
        if (StringUtils.isEmpty(username)) {
            return "请输入用户名登录";
        }
        UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken();
        usernamePasswordToken.setUsername(username);
        usernamePasswordToken.setPassword(username.toCharArray());
        Subject subject = SecurityUtils.getSubject();
        subject.login(usernamePasswordToken);
        return (String) subject.getSession().getId();
    }

    @RequiresRoles("SALER")
    @RequiresPermissions("SALE_MANAGER")
    @GetMapping("sale/manage")
    public String saleManage() {
        return "saleManage";
    }
}
